Firewall/iproute query



Hi,

Has anyone done something like this before ? I've checked the
Netfilter/iptables FAQ's and the iproute2/policy routing documentation, but
no-one seems to have done anything exactly like this before.

I have a managed server on the internet, IP address a.b.c.d, and it needs to
connect to another managed server, somewhere else on the internet, with
public address w.x.y.z. The server w.x.y.z is behind a router and firewall
(F), running Fedora 6. All well and good, I can connect on the ports I
require.

However, to provide some redundancy, I've got two different ISP's coming
into the firewall F, call them A and B. I've put several network cards in
w.x.y.z, configured one for ISP A and ISP B, and I can connect via ISP A to
w.x.y.z when I make the default route to the appropriate network A, and
similarly with connection via ISP B when the default route from w.x.y.z is
via the appropriate network B.

What I'd like to do is NAT or smart policy routing so that I can route to
server w.x.y.z via an ISP of choice from a.b.c.d without restarting networks
adding/removing routes etc. Ideally, I'd like to load balance so, for
example traffic for port xxxx goes via ISP A and traffic for port yyyy goes
via ISP B in real time. Or even the same port on a round-robin basis.

When we try this and do some packet analysis, it seems that with ISP A as
the default gateway on server w.x.y.z, packets sent via ISP B are received
at w.x.y.z, but the replies destined for a.b.c.d are routed to ISP A.

Any thoughts ? Is this even possible ?

Hope the description makes sense.

Thanks,

Alan


Alan Wilson | Icetrak Ltd | v 0845 456 0561 | f: 0870 889 5005 | w:
http://www.icetrak.com/


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list